DBMask

Fine-grained access control on encrypted relational databases

Muhammad I. Sarfraz, Mohamed Nabeel, Jianneng Cao, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

16 Citations (Scopus)

Abstract

For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of "database as a service" by which their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization's business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts have not adequately addressed flexible cryptographically enforced access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. In this paper, we propose DBMask, a novel solution that supports fine-grained cryptographically enforced access control, including column, row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance and the functionality of an encrypted database and results show that our solution is efficient and scalable to large datasets.

Original languageEnglish
Title of host publicationCODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy
PublisherAssociation for Computing Machinery, Inc
Pages1-11
Number of pages11
ISBN (Electronic)9781450331913
DOIs
Publication statusPublished - 2 Mar 2015
Externally publishedYes
Event5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015 - San Antonio, United States
Duration: 2 Mar 20154 Mar 2015

Other

Other5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015
CountryUnited States
CitySan Antonio
Period2/3/154/3/15

Fingerprint

Access control
Query processing
Information management
Cryptography
Engines
Economics
Industry
Experiments

Keywords

  • Attribute-based group key management
  • Database-as-a-service
  • Encrypted query processing

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Computer Science Applications

Cite this

Sarfraz, M. I., Nabeel, M., Cao, J., & Bertino, E. (2015). DBMask: Fine-grained access control on encrypted relational databases. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (pp. 1-11). Association for Computing Machinery, Inc. https://doi.org/10.1145/2699026.2699101

DBMask : Fine-grained access control on encrypted relational databases. / Sarfraz, Muhammad I.; Nabeel, Mohamed; Cao, Jianneng; Bertino, Elisa.

CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. p. 1-11.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Sarfraz, MI, Nabeel, M, Cao, J & Bertino, E 2015, DBMask: Fine-grained access control on encrypted relational databases. in CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, pp. 1-11, 5th ACM Conference on Data and Application Security and Privacy, CODASPY 2015, San Antonio, United States, 2/3/15. https://doi.org/10.1145/2699026.2699101
Sarfraz MI, Nabeel M, Cao J, Bertino E. DBMask: Fine-grained access control on encrypted relational databases. In CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc. 2015. p. 1-11 https://doi.org/10.1145/2699026.2699101
Sarfraz, Muhammad I. ; Nabeel, Mohamed ; Cao, Jianneng ; Bertino, Elisa. / DBMask : Fine-grained access control on encrypted relational databases. CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery, Inc, 2015. pp. 1-11
@inproceedings{059f2da98e3a4bf1a85a3fd9dd32864d,
title = "DBMask: Fine-grained access control on encrypted relational databases",
abstract = "For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of {"}database as a service{"} by which their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization's business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts have not adequately addressed flexible cryptographically enforced access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. In this paper, we propose DBMask, a novel solution that supports fine-grained cryptographically enforced access control, including column, row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance and the functionality of an encrypted database and results show that our solution is efficient and scalable to large datasets.",
keywords = "Attribute-based group key management, Database-as-a-service, Encrypted query processing",
author = "Sarfraz, {Muhammad I.} and Mohamed Nabeel and Jianneng Cao and Elisa Bertino",
year = "2015",
month = "3",
day = "2",
doi = "10.1145/2699026.2699101",
language = "English",
pages = "1--11",
booktitle = "CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy",
publisher = "Association for Computing Machinery, Inc",

}

TY - GEN

T1 - DBMask

T2 - Fine-grained access control on encrypted relational databases

AU - Sarfraz, Muhammad I.

AU - Nabeel, Mohamed

AU - Cao, Jianneng

AU - Bertino, Elisa

PY - 2015/3/2

Y1 - 2015/3/2

N2 - For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of "database as a service" by which their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization's business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts have not adequately addressed flexible cryptographically enforced access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. In this paper, we propose DBMask, a novel solution that supports fine-grained cryptographically enforced access control, including column, row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance and the functionality of an encrypted database and results show that our solution is efficient and scalable to large datasets.

AB - For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of "database as a service" by which their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization's business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts have not adequately addressed flexible cryptographically enforced access control on encrypted data at different granularity levels which is critical for data sharing among different users and applications. In this paper, we propose DBMask, a novel solution that supports fine-grained cryptographically enforced access control, including column, row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modifications to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experiments evaluate the performance and the functionality of an encrypted database and results show that our solution is efficient and scalable to large datasets.

KW - Attribute-based group key management

KW - Database-as-a-service

KW - Encrypted query processing

UR - http://www.scopus.com/inward/record.url?scp=84928161929&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84928161929&partnerID=8YFLogxK

U2 - 10.1145/2699026.2699101

DO - 10.1145/2699026.2699101

M3 - Conference contribution

SP - 1

EP - 11

BT - CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery, Inc

ER -